KR20130044842A - Portable terminal - Google Patents

Abstract

PURPOSE: A terminal is provided to select a fake AP(Access Point) including aggression such as hacking. CONSTITUTION: A communication unit(130) receives a plurality of packets from a plurality of APs which provides a wireless communication service. A control unit(150) analyzes the received packets. The control unit calculates reliability for the security of the APs. A fake AP selecting unit(140) selects a fake AP based on the calculated reliability. [Reference numerals] (112) Display unit; (114) Input unit; (120) Storage unit; (130) Communication unit; (140) FAKE AP selecting unit; (150) Control unit

Description

Terminal

The present invention relates to a terminal and a method, and more particularly, to a terminal and a method capable of collecting fake access points.

3G provides wireless Internet service through a carrier's base station, and Wi-Fi provides wireless Internet service using a wired / wireless router, that is, an access point. Portable terminals such as smartphones and tablet PCs can use wireless Internet services using 3G or Wi-Fi, regardless of time and place. However, when the user uses 3G, the user must pay a fee, and when using the Wi-Fi, the user can use the Internet for free. Recently, Wi-Fi services have been provided in open environments such as many public places.

However, the Internet by 3G is safe in terms of security, but the Internet by Wi-Fi uses the Internet using an access point, so the reliability of the terminal is low. In particular, when an attacker, such as a hacker, disguises his terminal as an unsecured access point, and the terminal is connected, the terminal is hacked into personal information by an attack of fake api (hereinafter, fake AP). Accordingly, there is a need for a technology capable of preventing an accident such as hacking by selecting a fake AP that exists in an open environment and operates as an access point.

It is an object of the present invention to provide a terminal and a method having a firewall capable of informing a user of risks related to security by selecting an access point having an aggressiveness such as a hack among a plurality of access points existing around and calculating a reliability. .

According to an embodiment of the present invention, the method includes: receiving a plurality of packets from a plurality of access points providing a wireless communication service; Analyzing the received plurality of packets to calculate confidence in the security of the plurality of access points; And displaying the calculated reliability and identification information of the plurality of access points.

The method may further include determining whether to recommend the use of the plurality of access points based on the calculated reliability. The displaying may include displaying whether the recommendation determined in the determining step is included.

The calculating may include calculating the reliability by analyzing each MAC address and each SSID (Service Set Identifier) included in the plurality of packets.

In the calculating, if the plurality of MAC addresses are the same and the plurality of SSIDs are different, the reliability of an access point having the same MAC address among the plurality of access points may be calculated to be the lowest.

The calculating may include identifying the packets having the same signal sensitivity among the packets having the same MAC address, and broadcasting the packets having the same signal sensitivity among the packets having the same MAC address among the plurality of access points. The reliability of the point can be calculated to the minimum.

The calculating may include calculating the reliability by analyzing each MAC address, each SSID, and signal sensitivity of the plurality of packets included in the plurality of packets.

The calculating may include: broadcasting packets having the same signal sensitivity among the plurality of access points when the plurality of MAC addresses are different, the plurality of SSIDs are different, and the signal sensitivity of the plurality of packets is the same. The reliability of one access point can be calculated at the minimum.

In the calculating, the reliability may be calculated by applying data mining to at least two of the data included in the at least one packet.

On the other hand, according to an embodiment of the present invention, a communication unit for receiving a plurality of packets from a plurality of access points for providing a wireless communication service; A fake AP selector configured to analyze the received plurality of packets to calculate reliability of security of the plurality of access points; And a display unit which displays a reliability screen showing the calculated reliability and identification information of the plurality of access points.

The fake AP selector may further include a controller configured to determine whether to recommend the use of the plurality of access points based on the calculated reliability, and to further display the determined recommendation on the reliability screen.

The fake AP selector may calculate the reliability by analyzing each MAC address and each SSID (Service Set Identifier) included in the plurality of packets.

When the plurality of MAC addresses are the same and the plurality of SSIDs are different, the fake AP selector may calculate the lowest reliability of an access point having the same MAC address among the plurality of access points.

The fake AP selector checks packets having the same signal sensitivity among packets having the same MAC address, and broadcasts packets having the same signal sensitivity among packets having the same MAC address among the plurality of access points. The reliability of the point can be calculated to the minimum.

The fake API selector may calculate the reliability by analyzing each MAC address, each SSID, and signal sensitivity of the plurality of packets included in the plurality of packets.

The fake AP selector is configured to broadcast packets having the same signal sensitivity among the plurality of access points when the plurality of MAC addresses are different, the plurality of SSIDs are different, and the signal sensitivity of the plurality of packets is the same. The reliability of one access point can be calculated at the minimum.

The fake API selector may calculate the reliability by applying data mining to at least two of the data included in the at least one packet.

According to an embodiment of the present disclosure, an access point (fake AP) having an aggressiveness such as hacking may be selected among a plurality of access points existing in the vicinity. The user can use the list for such selected fake APs to prevent leakage of personal information.

1 is a diagram illustrating a wireless communication system including a terminal according to an embodiment of the present invention;
2 is a block diagram illustrating a first terminal 100 according to an embodiment of the present invention shown in FIG. 1.
3 is a flowchart illustrating a method for selecting an access point of a terminal according to an embodiment of the present invention;
4 is a flowchart for explaining step S330 of FIG. 3 in detail;
5 is a block diagram illustrating an operation of a terminal according to an embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features, and advantages of the present invention will become more readily apparent from the following description of preferred embodiments with reference to the accompanying drawings. However, the present invention is not limited to the embodiments described herein but may be embodied in other forms. Rather, the embodiments disclosed herein are provided so that the disclosure can be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. In this specification, when an element is referred to as being on another element, it may be directly formed on another element, or a third element may be interposed therebetween.

The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. The terms "comprises" and / or "comprising" used in the specification do not exclude the presence or addition of one or more other elements.

Hereinafter, the present invention will be described in detail with reference to the drawings. In describing the following specific embodiments, various specific details are set forth in order to explain and understand the invention in more detail. However, it will be appreciated by those skilled in the art that the present invention may be understood by those skilled in the art without departing from such specific details. In some cases, it is mentioned in advance that parts of the invention which are commonly known in the description of the invention and which are not highly related to the invention are not described in order to prevent confusion in explaining the invention without cause.

1 is a diagram illustrating a wireless communication system including a terminal having a firewall according to an embodiment of the present invention.

Referring to FIG. 1, a wireless communication system includes first to third access points 10, 20, and 30 and first to fourth terminals 100, 110, 120, and 130. . Here, the terminals are devices having a wireless LAN communication function, and may be, for example, devices such as a portable terminal, a personal computer, a smartphone, a PDA, and the like.

The first to third access points 10, 20, and 30 are devices for providing a wireless communication service such as the Internet to terminals located in a nearby local area, for example, a wired / wireless router. The first to third access points 10, 20, and 30 broadcast a packet indicating its presence providing a wireless communication service. At this time, a MAC address and a SSID (Service Set Identifier) are recorded in the header of each broadcasted packet. The MAC address is a unique address assigned to the first to third access points 10, 20, and 30 for wireless communication, and the SSID is a wireless address provided by the first to third access points 10, 20, and 30. The name of the LAN service can be different.

The terminals 100 and 130 provide various functions such as voice call function, Internet information search, transmission and reception of data by wired / wireless communication, fax transmission and reception, schedule management, and may be equipped with an operating system such as a personal computer. For example. The terminals 120 and 140 may be tablet PCs, for example.

In general, an access point is an entity that connects a wireless medium with a wired network such as IEEE 802.3. The access point serves as a base station for a wireless local area network (WLAN) device, and a WLAN device in a wired network such as a LAN. You can connect them, and this type of Internet connection is called Wi-Fi. In addition, when the access point serves as a router, the access point enables a plurality of terminals to use the Internet by using one Internet line connected by wire.

Recently, Wi-Fi internet service is provided free of charge in public places such as libraries, in-house and cafes. Accordingly, when the first to third access points 10, 20, and 30 are installed around the first to fourth terminals 100, 110, 120, and 130, the terminals 100, 110, 120, and 130. ) May search for a surrounding wireless signal and display a plurality of SSIDs.

The plurality of SSIDs are identifiers of each of the first to third access points 10, 20, and 30, and a user may select one of the displayed SSIDs to attempt a wireless connection. As described above, the MAC address and SSID of the first to third access points 10, 20, and 30 are different from each other, and generally, one access point broadcasts one packet at a time.

However, when one of the first to third access points 10, 20, and 30 is a fake AP for hacking, the fake AP may broadcast packets having different SSIDs at the same time. The SSIDs of the broadcast packets can be different, but the MAC addresses are likely to be the same. As used herein, the term 'fake ap' is a concept including a modulated ap.

Also, even though the SSID and MAC address of the broadcast packets are different, if the received signal sensitivity of the packets is exactly the same, the access point with that SSID is likely to be fake ap. This is because, in a location where fake api is fixed, it is highly likely to transmit packets by different SSIDs and MAC addresses.

2 is a block diagram illustrating a terminal 100 according to an embodiment of the present invention shown in FIG. 1.

Referring to FIG. 2, the first terminal 100 includes a touch screen 110, a storage 120, a communication unit 130, a fake api selector 140, and a controller 150.

The touch screen 110 is responsible for interfacing between the user and the first terminal 100. The user manipulates the touch screen 110 to use a function provided by the first terminal 100. For example, the user may select an icon of a desired function from the icons displayed on the touch screen 110 by a touch method.

To this end, the touch screen 110 may be divided into a display unit 112 and an input unit 114. The display unit 112 displays a screen showing a current state of the first terminal 100, and the input unit 114 receives a command from a user through a touch panel, an operation panel, or the like. Although a touch screen 110 using a touch method is illustrated in FIG. 1, a display panel such as a light emitting diode (LED), a liquid crystal display (LCD), an input device such as a keyboard or a mouse may be provided.

The storage unit 120 stores data necessary for performing operations of the first terminal 100 such as a control program, an operating system, an application, a driver, and an operating system required for driving the first terminal 100 and data generated during the operation. The application can be downloaded and installed through the web as in a PC by operating an operating system, and the user can download various applications. Therefore, the first terminal 100 may be recognized as a PC capable of making a phone call, and the security of the first terminal 100 should be guaranteed in consideration of various functions and portability.

The communication unit 130 may communicate with a base station (not shown) for a telephone, and may communicate with an access point for a wireless communication service such as the Internet. To this end, the communication unit 130 may be implemented as a module having a complex function. When the user enters a place with the first terminal 100 and searches for a wireless network that supports a wireless communication service, the communication unit 130 allows the first to third access points 10, 20, and 30 to be broadcast. Receive casting packets.

The fake AP selector 140 may analyze the packets received from the first to third access points 10, 20, and 30 to select the fake APs. Meanwhile, the selected fake API may be stored in the storage unit 120 in the form of a list (hereinafter, referred to as “fake API list”), but the fake API list does not necessarily need to be stored in the storage unit 120. It may also be stored in a device (not shown).

For example, the fake AP selector 140 may include at least one of MAC address, SSID, and received signal sensitivity among data included in packets received from the first to third access points 10, 20, and 30. By analyzing the, each of the first to third access points (10, 20, 30) can be selected whether or not the fake api.

For example, the fake api selector 140 may select the fake ap in the following manner.

 For example, the fake api selector 140 may assign a numerical value representing the reliability for each AP and select the fake ap based on the reliability value. Here, the reliability represents the reliability related to the security of the first to third access points 10, 20, and 30, and the case where the reliability is the lowest value or below a specific value may be selected as the fake ap.

For example, the fake api selector 140 may analyze packets received from the first to third access points 10, 20, and 30, and select the fake api as a fake ap if a specific situation is met. . In the case of the second example, the case corresponding to the fake API is stored in advance, and in such a case, the screen is selected as the fake API.

First situation

In the first situation, the SSIDs are different but the MAC addresses are the same.

The packet includes an SSID of the first to third access points 10, 20, and 30, a MAC address of the first to third access points 10, 20, and 30, a received signal sensitivity and a timestamp of the packet, and the like. Data may be included. The fake AP selector 140 may calculate a reliability value for each AP by applying a data mining technique to at least two pieces of data included in the packet. Data mining is the process of discovering useful correlations hidden in data, extracting actionable information in the future and using it to make decisions.

For example, the fake AP selector 140 analyzes the MAC address and the SSID among the data included in the packets received from the first to third access points 10, 20, and 30, respectively. The reliability of the three access points 10, 20, and 30 may be determined, respectively.

In detail, the fake AP selector 140 may detect packets having different SSIDs of the first to third access points 10, 20, and 30 and having the same MAC address among the received packets. The fake AP selector 140 checks the MAC addresses of the detected packets to identify an access point (eg, the first access point 10) broadcasting the detected packets, and corresponds to the first situation. The first access point 10 may be determined to be fake ap.

 This means that the SSIDs of at least two packets are different but the same MAC address is because one access point has broadcast at least two packets, and therefore the probability that the access point is fake ap is high. The fake api selector 140 determines the reliability value of the first access point 10 determined as the fake ap to be the lowest, or calculates the reliability of the first access point 10 as a numerical value in consideration of the reception signal sensitivity. can do.

The fake AP selector 140 may select the fake AP when the first access point 10 corresponds to the first situation.

Alternatively, the fake API selector 140 may determine the fake API in consideration of at least one or more of the other situations described below, even if the first situation. For example, if a value is assigned to each situation, and the sum of such values is equal to or greater than a predetermined value, the fake AP selector 140 may select the AP as a fake API.

Second situation

The second situation is when the SSID and the MAC address are APs different from each other, but the signal strengths of the packets of these APs are the same or similar to each other.

The fake AP selector 140 may find the fake AP by checking the signal strength of packets broadcast from the access points. Even in the case of APs having different SSIDs and MAC addresses, they may correspond to fake ap. In other words, the fake AP may broadcast packets having different MAC addresses and SSIDs, and in this case, the fake APs cannot be selected using only the MAC addresses and SSIDs. To solve this, the fake AP selector 140 determines whether the signal strength of each packet is the same or similar, and selects the fake AP if the signal strength is the same or similar.

For example, assume that there is a first AP and a second AP having different MAC addresses and SSIDs. In this case, the fake AP selector 140 compares the signal strength of the first AP with the signal strength of the second AP to determine whether the two are the same or similar. If it is the same or similar, the first AP and the second AP is actually determined to be a fake AP as the same terminal, and the fake AP selector 140 may select the first AP and the second AP as the fake AP. have.

In the above-described embodiment, the operation of comparing the signal strength of the AP has been described as the fake api selector 140, but this is illustrative and provides a separate component other than the fake api selector to the signal strength of the AP It is also possible to perform the operation of comparing the.

The operation of comparing the signal strengths of the APs may be performed, for example, by checking whether the signals of each AP are equal to each other by squared for a predetermined time domain. Of course, this method is exemplary, and it may be possible to use another algorithm for determining whether the signal strength of the AP is the same or similar.

Third situation

The third situation is when the received signal sensitivity of the packets is the same as APs having the same MAC address.

The fake AP selector 140 detects packets having the same MAC address among data included in the packets received from the first to third access points 10, 20, and 30, and receives the detected packets. Access points with the same signal sensitivity may be selected as fake ap.

4th situation

The fourth situation is as another AP with a different SSID, a case where the signal strength are equal to each other.

The fake AP selector 140 analyzes the MAC address, the SSID, and the received signal sensitivity among the data included in the packets received from the first to third access points 10, 20, and 30, so that the SSID is different from the signal. If the strengths are exactly equal to each other, such an access point can be selected as fake ap.

5th situation

The fifth situation is when an AP has a MAC address without a manufacturer.

The fake AP selector 140 analyzes the packets received from the first to third access points 10, 20, and 30 to select an access point having a MAC address without a manufacturer, and trusts the access point. Calculate with a lower number. Since manufacturers are releasing OIDs these days, the fake AP sorting unit 140 may compare an OID included in a MAC address with an OID published by a manufacturer, thereby selecting an access point for which the manufacturer does not exist. Although not shown, a server storing an OID disclosed by the manufacturer may be separately provided, and the first terminal 100 may obtain the manufacturer's OID from the server storing the OID.

6th situation

The sixth situation corresponds to a portable AP.

The fake api selector 140 may analyze the packet and select the fake ap as a fake ap when it corresponds to the portable AP. Whether or not the portable AP can be distinguished by a MAC address, the MAC address usually has information indicating the manufacturer, it can be selected whether or not the portable AP using this information. To this end, the storage unit 120 may store information on the AP manufacturer list. Here, the list of AP manufacturers is a list of each AP manufacturer and indicates whether only a portable AP or a portable AP is not produced for each AP manufacturer. For example, when the MAC address is AA: BB: CC: DD: EE: EF, the AA: BB: CC part is called OUI (Organizationally Unique Identifier) as information for identifying a manufacturer.

7th situation

The seventh situation is when the AP uses a 3G or 4G network at the back end.

The fake AP selector 140 may select APs using 3G or 4G networks, and select those APs as fake APIs.

In general, APs use Ethernet at the back end, and there are often APs using 3G and 4G. However, if 3G and 4G are used at the back end, the cost is high and the communication speed is low, so there is little reason to use 3G and 4G. Therefore, APs using 3G and 4G are likely to be fake ap. Therefore, the fake AP selector 140 according to the present embodiment selects APs using 3G and 4G networks as fake APIs.

 There are various methods for selecting APs using 3G and 4G. For example, the following methods may be used.

The terminal 100 can find out whether 3G or 4G is used at the back end by finding a routing pass path. For example, routing path passes can be found using the Internet Control Message Protocol (QICMP) protocol. Although the terminal 100 can find out the routing path path, it is also possible to build a separate device for finding the routing path path and to receive the information about the routing path path from the device.

In addition, although the fake pass selector 140 may find out the routing pass path, the terminal 100 may further include a separate component for determining the routing pass path, not the fake epi selector 140. It is possible.

FIG. 5 is a block diagram illustrating an operation of a terminal according to an exemplary embodiment of the present invention. Referring to FIG. 5, a method of determining a routing pass path using an ICMP protocol will be described.

When the terminal 100 transmits an ICMP trans routing message to the AP, the AP informs its IP address, and routers R1 and R2 connected to the AP also inform their terminal 100 of their IP address. Meanwhile, the gateway also informs its own IP address to the terminal 100. Referring to the IP address of the gateway, it can be known whether the 3G or 4G network is used at the back end.

The number of routers described above is exemplary and the present invention is not limited to those numbers. In addition, the method of selecting APs using 3G and 4G described above is exemplary, and the present invention is not limited to such a method.

8th situation

The eighth situation is a case where the AP has a routing path different from the previously stored routing path.

The fake AP selector 140 may select an AP having a routing path different from the previously stored routing path. To this end, the storage unit 120 may store a routing path for each AP. The routing path can be found using the ICMP protocol, for example, as described above.

Among the terminals, there are terminals which have a function of automatically accessing an AP once connected. For example, if i) the SSID is the same, or ii) the SSID is the same and the authentication algorithm is the same at the same time, the terminal user is automatically connected without asking. Such loopholes can be used by fake api.

The terminal according to an embodiment of the present invention stores at least two hops of routing paths to each of previously accessed APs in order to select such fake APs. Then, when the terminal automatically reconnects to the AP, it checks the routing path of the AP to reconnect and checks the checked routing path and the previously stored routing path. Low. For example, the storage unit 120 may store at least two hops of routing paths for each previously connected APs, and the fake AP selector 140 checks the routing paths of the APs to be reconnected and checks the identified routing paths. If the path and the routing path previously stored in the storage unit 120 are checked and both are not the same, it may be treated as a fake ap.

In the above-described embodiment, the component for confirming the routing path has been described as the fake AP selector 140, but this is exemplary and it may be configured to include a component for identifying the routing path separately.

9th situation

This is the case of an AP which encrypts in a predetermined temporal order.

The fake AP selector 140 may select whether each access point is a fake AP in consideration of a temporal change in the encryption scheme of the respective access points.

For example, there are four encryption schemes, OPEN, WEP, WPA, and WPA2. These encryption schemes are stronger in order of OPEN <WEP <WPA <WPA2. If the first access point initially changes the encryption method to WPA2 and then WEP, in this case, the fake AP selector 140 selects the first access point as a fake AP, or collectively combines other factors (FACORs) together. In consideration, whether or not the first access point is fake ap may be selected.

 This is because the temporal change of the encryption scheme changes from the strong to the weak, making the fake ap.

On the other hand, the fake api selector 140, if the temporal change of the encryption scheme is changed from a low degree of encryption to a strong one (for example, changed from OPEN to WPA), the reliability value is maintained or set higher.

10th situation

AP This is the case when it is included in the pre-stored black list or white list.

After storing the black list and the white list for the SSID in advance, the fake AP selector 140 may use the list to reflect the calculated reliability value. For example, when the SSID of a specific access point is included in the black list, the reliability value may be calculated low, and when the SSID of the specific access point is included in the white list, the reliability value may be calculated high. The above-described lists may be stored in the storage 120, but may be stored in another storage (not shown) provided separately.

11th situation

This is the case with an AP with a hidden SSID.

The fake AP selector 140 may maintain or increase the reliability value without lowering the reliability value when the access point has a hidden SSID.

12th situation

This is the case when there are APs using the same channel.

When there are a large number of access points using the same channel, the fake AP selector 140 may select the fake AP as a fake AP or give a lower overall reliability value. Typically, access points use channels of a specific band, which is most likely to use channels of the same band, so if there are very many access points that use channels of the same band in a given area, it will be fake api. Will most likely be

13th situation

This is a case where the temporal position change of the AP changes more than the reference number of times.

The fake AP selector 140 may reflect the calculation of the reliability value by referring to the history of the access points over time. For example, the position value of each AP may be roughly calculated by the first terminal 100 and stored for each time zone. The location value may be stored in the storage 120, but may be stored in another storage (not shown) provided separately. The fake AP selector 140 may grasp the degree of change of the positions of the access points in time, and set the reliability value low when the position changes.

According to an embodiment of the present invention, the fake API selection unit 140 may be selected as the fake AP if only one of the first to tenth situation, and the twelfth to thirteenth situation. Alternatively, the fake api selector 140 may assign a numerical value to each of the first to thirteenth situations and select the fake ap based on the numerical values. That is, the fake api may be selected by comprehensively considering the first to thirteenth situations. For example, the fake api selector 140 may calculate a reliability value in consideration of at least two or more of the above-described methods. In addition, the fake api selector 140 may calculate reliability by considering at least two or more of the above-described methods and assigning the same or different weights to each other.

In detail, the fake AP selector 140 has the same received signal sensitivity among the received packets when the SSIDs of the first to third access points 10, 20, and 30 are all different, and the MAC addresses are also different. Packets can be detected. The fake AP selector 140 may determine an access point (eg, the first access point 10) broadcasting the detected packets as the fake AP. This means that although the SSID and the MAC address are different, the received signal sensitivity is the same because the packet is broadcast from the same place, that is, the same access point, and therefore the probability that the access point is fake ap is high. The fake AP selector 140 may determine the reliability of the first access point 10 determined as the fake AP as the lowest.

In addition, the fake AP selector 140 may calculate reliability of the second and third access points 20 and 30 as well as the first access point 10 determined as the fake AP.

When all of the reliability of the first to third access points 10, 20, and 30 are calculated, the fake api selector 140 may calculate the first to third access points 10, 20, and 30 based on the calculated reliability. ) May be a fake api.

On the other hand, if the reliability calculated by the fake api selector 140 belongs to 0 to 30%, the fake api selector 140 may select as a fake ap.

The controller 150 may control the operation of the first terminal 100 using a control program, an operating system, and an application stored in the storage 120. For example, when the user selects one of the plurality of applications through the input unit 114, the controller 150 may drive the selected application and display the corresponding screen on the display unit 112.

In addition, when the user requests a wireless communication service, the controller 150 analyzes the packets received through the communication unit 130 to determine the first to third access points 10, 20, and 30 that broadcast the packets. The fake API selector 140 may be driven to calculate the reliability. As a result, the fake AP selector 140 analyzes the packets to calculate reliability. The display unit 112 may display the calculated reliability.

Although the control program, the operating system, and the application are all stored in the storage unit 120 in the above-described embodiment, it is to be understood that the control program, the operating system, and the application may be stored in different storage units. For example, a storage unit for storing the control program and the operating system and a storage unit for storing the application may be separately provided. In addition, when the control program, the operating system, and the application are operated, they may be loaded and operated in a volatile storage (not shown), such as a RAM. Since such techniques are well known, they will not be described in more detail.

3 is a flowchart illustrating a method for selecting an access point of a terminal according to an embodiment of the present invention.

The terminal performing the method for selecting an access point of FIG. 3 may be implemented in the form of an application and / or hardware installed in the first terminal 100 described with reference to FIG. 2 or the first terminal 100.

In steps S300 to S320, the first to third access points may broadcast at least one packet to inform their presence of providing a wireless communication service.

In operation S330, a terminal that is requested to search for a surrounding wireless signal from a user may calculate the reliability of the first to third access points by analyzing the received packets.

In operation S350, the terminal may select the fake AP based on the reliability calculated in operation S330.

FIG. 4 is a flowchart for describing operation S330 of FIG. 3 in detail.

In step S410, the terminal may check the MAC address, SSID and the received signal sensitivity included in the received packets.

In step S420, the terminal checks whether the same MAC address exists among the checked MAC addresses.

If the same MAC address exists (S420-Y), in step S430, the terminal may determine whether to consider the received signal sensitivity further.

When considering the received signal sensitivity (S430-Y), in step S440, the terminal may check whether the same signal sensitivity among the received signal sensitivity of the packets having the same MAC address confirmed in step S420.

If the same signal sensitivity exists (S440-Y), the terminal calculates the reliability of the access point that transmits the packet having the same signal sensitivity among the packets having the same MAC address, that is, the first access point. In this case, the reliability of the first access point may be calculated with the lowest value. This is because the packet has the same MAC address and the same signal sensitivity, because a plurality of packets are broadcast from the first access point, and therefore, the first access point has a high probability of fake ap.

On the other hand, if the reception signal sensitivity is not considered further (S430-N), in step S460, the terminal calculates the reliability of the access point, that is, the first access point, which transmitted the packets having the same MAC address identified in step S420. do. In this case, the reliability of the first access point may be calculated with a low value. This is because the MAC addresses of the packets are the same because a plurality of packets are broadcast from the first access point, and therefore, the first access point has a high probability of fake ap.

In addition, if the same MAC address does not exist (S420-N), in step S470, the terminal can check whether the same signal sensitivity among the received signal sensitivity of the packets identified in step S410.

If the same signal sensitivity exists (S470-Y), in step S480, the terminal calculates the reliability of the first access point transmitting the packet having the same signal sensitivity among the packets having the same MAC address. In this case, the reliability of the first access point may be calculated with a low value. This is because even though the MAC address and SSID of the packets are not the same, the received signal sensitivity is the same because a plurality of packets are broadcast from the same first access point, and therefore, the first access point has a high probability of fake ap. .

On the other hand, if the same signal sensitivity does not exist (S470-N), in step S490, the terminal determines that there is no fake API around, and calculates the reliability of all the first to third access points broadcasting the packet do.

In the above-described embodiments, the fake api selector has been described as having both an operation of selecting a fake ap (or a fake ap) and an operation of assigning a reliability value, which is an exemplary configuration for performing the operation of selecting a fake ap It is also possible to provide the elements separately, and to configure the fake API sorting unit to perform an operation of assigning a reliability value.

Unlike the above-described embodiments, a finger printing method may be provided using the fake AP as another method. This method checks all channels (frequency bands), assigned IP, SSID, MAC address, and authentication method.

For example, a fake AP may interrupt while the terminal is communicating with a normal AP. In this case, it can be determined using a finger printing technique. As a specific example, the terminal may receive two finger printings. That is, when there is an AP called A, the terminal receives finger printing (SSID, BSSID, authentication method, and channel) before accessing A, and even after accessing A, finger printing (SSID, BSSID, authentication method, channel, and routing path). k hops). Fingerprinting before connection is to determine whether A is normal before the terminal connects to A, and fingerprinting after connection is to detect fake AP generated while the terminal and the AP are in communication. Such a fingerprint printing technique may be performed in combination with the embodiments described with reference to FIGS. 1 to 5. That is, in combination with the first to thirteenth situations described above, it may be comprehensively determined whether the fake AP is a fake AP.

In addition, all or at least some of the methods described above may be embodied in a program that makes a computer executable.

In addition, all or at least some of the methods described above may be embodied in a computer readable recording medium having stored thereon a program which makes a computer executable.

As described above, although the present invention has been described with reference to the limited embodiments and the drawings, the present invention is not limited to the above embodiments, and those skilled in the art to which the present invention pertains various modifications and variations from these descriptions. This is possible. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by the equivalents of the claims, as well as the claims.

10, 20, 30: first to third access points
100, 110, 120, 130: first to fourth terminals
110: touch screen 120: storage unit
130: communication unit 140: fake ap selection unit
150:

Claims (1)

Receiving a plurality of packets from a plurality of access points providing a wireless communication service;
Analyzing the received plurality of packets to calculate confidence in the security of the plurality of access points; And
Selecting a fake AP based on the calculated reliability.

Images